RT @TuurDemeester: Core dev Cory Fields: "The most likely sudden death scenario for a cryptocurrency like bitcoin is an accidental bug that gets introduced internal to the system." => This is why ossification of the core layer is desirable at some point. https://t.co/OO2uvNpQm5

RT @TuurDemeester: Core dev Cory Fields: "The most likely sudden death scenario for a cryptocurrency like bitcoin is an accidental bug that gets introduced internal to the system." => This is why ossification of the core layer is desirable at some point. https://t.co/OO2uvNpQm5

RT @TuurDemeester: Core dev Cory Fields: "The most likely sudden death scenario for a cryptocurrency like bitcoin is an accidental bug that gets introduced internal to the system." => This is why ossification of the core layer is desirable at some point. https://t.co/OO2uvNpQm5

Core dev Cory Fields: "The most likely sudden death scenario for a cryptocurrency like bitcoin is an accidental bug that gets introduced internal to the system." => This is why ossification of the core layer is desirable at some point. https://t.co/OO2uvNpQm5

so if we rewrite bitcoin in rust, does this mean that something like 99% of all rust cycles worldwide will be spent burning fossil fuels for exponentially decreasing returns of semi imaginary money that has no inherent value?

what happens next will be nobody is interested, then he goes on to make a new coin with rust or whatever, at first the new coins might gain some tractions, listed on Binance, remember UB coin of Garzik ? Then he dumps it all getting back to Bitcoin. Some get burned, Hodlers are not affected.

He thinks it's broken for all the wrong reasons, and actually goes on to blame other projects unrelated to Butts for it's brokenness. It's still going to be a tremendous waste of resources if it sticks with PoW. It's still going to be the nothing but scams, drugs, organized crime, and money laundering. It's still going to have all the markings of a Ponzi scheme. When are these core devs going to address some of the real issues instead of worrying about the implementation language? I agree that it's broken, and it's going to stay that way probably.

As far as the other projects go. I am not all that technical, but I did read quite a bit about OpenSSL and heartbleed and what not. I help oversee a small team of software engineers at work. My understanding of the OpenSSL bug is that it existed there for years without being touched. The team I have at work, they get burned out working on the same projects, the same set of stuff. The senior developer likes to keeps things fresh with those guys, and at the same time make sure that projects are meeting their deadlines. With a project as big and as widely used as OpenSSL I could imagine people who have the experience with it lose interest in maintaining it for absolutely zero pay, or they want to move on to other projects. That's not an implementation language problem, or a problem that is going to be fixed by previously broken code being incorporated directly into a different project like Buttcoin. It to me sounds more like a people problem, and either someone needs to pay to fix it, or they need to find an interested/experienced developer willing to spend their free time on it. Since open source is mostly unpaid do it at your leisure type code, and not a single one of these Buttcoin devs stepped up to solve any of the issues with the software their crap depends on(in the case of OpenSSL things sat for 5 years), then their gripe about other software's brokenness is kind of pointless.

OpenSSL the library is one of the worst designed pieces of software I've ever seen. Here's a funny writeup from 2009 titled OpenSSL is written by monkeys \[1\]. That's got nothing to do with the programming language, it's just awful software.
\[1\] [https://www.peereboom.us/assl/assl/html/openssl.html](https://www.peereboom.us/assl/assl/html/openssl.html)

OpenSSL is big? In usage absolutely yes, as a project not so much: they have 16 developers with commit access on the repo and that is definitely part of their problems. Which goes to prove your point, even if from the other side. They have too few people, too many things to do: their github alone lists 790 open issues plus 270 open pull requests, not to mention their own product backlog, the big, unreadable and obsolete codebase itself or what interactions happen on their mailing list.
Usability of the cmdline tools is still shit for the user, consistency and readabilty of the code is shit and in dire need of a rewrite (refactoring would still leave you with the convoluted design) and bugs just as critical as heartbleed may still lurk in the codebase, known only to governement agencies and companies that collect and sell 0-days.
It should have died -to be replaced by something saner- long ago, but just like stuff as IPv4 or TCP it is too widely used to be easily replaced by something equivalent but better. A victim of its own early success.

Do they even care? Many alt coins have suffered from serious data-altering bugs, most are susceptible to 51% attacks and a couple had been successfully attacked already. None of these had any real impact on price. By this point they are really just gambling with tickers against exchanged issued chips - if the house says things are okay then it's going to be okay.

Any sane software system relies on the ability of human beings to detect and recover from errors: errors in the requirements, the design, the implementation, the hardware, whatever. Something crazy happens--something crazy always will--and humans have to be able to say "that's not right," and take action to make it right.

The crypto people who trot out nonsense slogans like "backed by math" or "code is law"...I've been in this industry a quarter century. I know what kind of nonsense they're talking.

That's my ultimate criticism of Bitcoin and all its ilk: all the people pushing it are like the 21 year old intern who stares blankly at the computer screen, saying "but that can't happen."

Precisely. In the end a human, or a group of humans, have to be able to override the system. Bitcoin is like "we can design a perfect system now, that will never break, and that we can trust forever and ever".
&#x200B;
Yeah, about that

I actually kinda want to learn rust.... as my first step into a more advanced language. Is this bad?
Or is it kinda like Undertale or Rick and Morty in the fact that the base product is good but you should avoid the fandom?

It's actually a great language. The pros are of course safety, but you get a whole ton of modern features (algebraic data types, enum associated values, pattern matching, generics, safe macros, implicit memory management without a garbage collector, fantastic errors, a great package management story in Cargo and Crates, and even good editor support with VSCode and the RLS). It's already among the fastest languages, and can be faster than C/C++ once optimizations improve, up there with Fortran.
It's gotten a lot easier to use in the 2018 variant, and non-lexical lifetimes \[1\] which is what most people complain about re: borrow checker in the 2015 variant.
I suggest you learn it because it'll force you to think differently. You may hate it and that's fine, you may love it and find your new go-to language, or more likely, you'll learn some cool stuff to do better in your daily driver.
\[1\] [https://doc.rust-lang.org/edition-guide/rust-2018/ownership-and-lifetimes/non-lexical-lifetimes.html](https://doc.rust-lang.org/edition-guide/rust-2018/ownership-and-lifetimes/non-lexical-lifetimes.html)

Definitely not, at least I haven’t seen any new projects written in it. Some components of Apple’s Accelerate vecLib framework, specifically the BLAS and LAPAC stuff used to be interoperable (and probably source level translations of existing packages). Arcane maybe, but fast haha

It prevents some types of bugs, but it comes at a price - the language is hard to read, the whole toolchain is weirdo, and stuff is harder to port.
Ironically if you want to look at good rust cryptocurrency, look at Facebook's Libra, that stuff is written and commented really well. (I don't understand the central HotStuff algorithm though, but I didn't give it time)

yah, I get the RUST evangelists at my door every once in a while claiming you can't get various memory/concurrency holes anymore if you use Rust and I just point to the Rust dev comments about not being able to actually prove the language to this extent. The creators of the language don't even claim the things the evangelists do. It's become a fairy tale.

Bitcoin is obviously dumb but don't let that sway your opinions of Rust. Rust does eliminate an entire class of problem (memory safety, data races across threads, implicit conversion between types). It takes a while to wrap your head around but once you do, it's really freeing, and going back to unsafe-by-default languages is kinda anxiety inducing.
Yeah they haven't proven it yet with formal methods (although there is a project to do so, \[1\] if you want more data). Even if it's not yet proven, it's still \*much safer\*. Perfect? What software is? Even with a formal proof you don't actually have a guarantee. That doesn't mean you should sit back and not try. Just expecting developers to \*be better\* hasn't worked for the last 50 years why should that change now? We deserve better tooling!
Rust is actually faster than C in theory (so is Fortran, btw) because by default C pointers are potentially aliased (overlapping) so you miss out on an entire class of optimization that Rust (and again, Fortran) permits by default (inb4 just use \`\_\_restrict\` everywhere \[2\]).
tl;dr: if correctness matters to you (and you can decide what that means in context), then Rust is your man for the job. Even if it doesn't, it's fast, modern, great to work in, has a solid package management story, awesome errors, and offers a lot of the benefits of C++ without the sheer mind bleeding insanity of it -- plus pattern matching, algebraic data types, and implicit memory management without a GC. The interop story is good with C, and c2rust gives you a nice way to start a migration.
I suggest you give it a go. Worst case you hate it and you're no further behind. Best case you love it. Average case, you learn something you can take back with you into whatever language you work in. Never get stuck in your ways, it's a sure way to obsolescence.
\[1\] [https://internals.rust-lang.org/t/current-status-of-formal-verification/10487](https://internals.rust-lang.org/t/current-status-of-formal-verification/10487)
\[2\] [https://blog.regehr.org/archives/1307](https://blog.regehr.org/archives/1307)

I'm not rust evangelist, but I've always viewed it as:
1. C is quite old, with known issues. People often argue that "good C" can work around these issues, and C is performant enough that the issues don't matter.
2. Rust eliminates a whole class of issues from C, while being similarly performant (every comparison I've ever seen made it seem like a wash)
Even ignoring the particular example of C, sometimes better tech does come along in an industry that's had a different solution for a few decades. How should people using the better tech discuss this with other practitioners without coming across as "evangelists"?
Like at first people hawking SSDs seemed like evangelists (especially given the high initial prices), but looking back it seems like they were just very right. I don't find it insane that *some* language may be a "better C" at some point, so how should such proponents of a language make that argument when they think they've found the one?

>
>2. Rust eliminates a whole class of issues from C, while being similarly performant (every comparison I've ever seen made it seem like a wash)
>
This use of "eliminate" coupled with "a whole class of issues" does not belong in this context. It's fundamentally impossible.
>Even ignoring the particular example of C, sometimes better tech does come along in an industry that's had a different solution for a few decades. How should people using the better tech discuss this with other practitioners without coming across as "evangelists"?
Simple: by not misrepresenting what they're arguing for, using correct terminology, and being *qualified* enough to argue for it.
A significant contribution to the industry's problems stems solely from propaganda and cargo culting, because people who know nothing about what they're discussing make bogus or grossly misrepresented claims to people who under the delusion that the person they're listening to is worth talking to.

If a technology platform is good enough, people will find out and come to you.
You don't need to evangelize.
> Rust eliminates a whole class of issues from C
Or maybe it just **claims** to: [buffer overflow in VecDeque::reserve\(\) in Rust 1.3 through 1.21 allows arbitrary code execution](https://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2018-1000657)

Because you found one problem with one implementation of a data type? Would you prefer people say it \*aspires\* to eliminate a whole class of issues from C until... when? Until you can't find a single example of a bug, when something like 9 out of the top 10 CVEs are all C buffer overflows? It's like standing in a hurricane with no clothes on making fun of the guy in his waterproof house because he's got a leak in his ceiling from the upstairs shower. The point is the situation there is dramatically better than C, and they're actively improving it. It's still maturing, and that's fine, and it definitely leads to safer code.
This bug happened on the boundary between safe Rust and the rest of the world (which is a risk you explicitly take with the \`unsafe\` keyword). If you find a bug in \*safe\* Rust which is where the guarantees do hold, you should let someone know.

>Because you found one problem with one implementation of a data type? Would you prefer people say it \*aspires\* to eliminate a whole class of issues from C until... when?
It's *impossible* to fully eliminate "a whole class of issues" in any programming language. You're literally arguing against mathematics which has *proven* that this is impossible.
Muddling definitions produces a network-wide effect, which leads to further problems down the road.
Liability is one of these things, and if you can't see why, your position in this discussion is completely worthless simply because you're operating from a naive perspective.
The industry *suffers* largely because of misinformation and muddled definitions. These often somewhere down the road lead to some kind of drastic consequence.
So, don't contribute to that. Shill and evangelize your technology properly, by not misrepresenting it and by not exagerating capability.
If you can't do that, you simply aren't worth listening to.

Haha, as a software engineer the only thing that drives me crazy is when people think anything is perfect, or even close to. Any piece of software with more than one contributor is a pile of utter garbage and hopelessness. I'm for projects that try and make it better. This is one. If it fails, at least it tried. The C standards body let that ship sail decades ago, and the C++ standards body is actively regressing that language.
Here's a funny writeup on why programming sucks, titled, well, Programming Sucks https://www.stilldrinking.org/programming-sucks

>Rust is actually faster than C in theory (so is Fortran, btw) because by default C pointers are potentially aliased (overlapping) so you miss out on an entire class of optimization that Rust (and again, Fortran) permits by default (inb4 just use `__restrict` everywhere [2]).
I hear this a lot and I find it really infuriating I've never seen it backed up by figures. And not on a specific tiny subset chosen test, but a broad range of applications.
Also, if Rust *was* faster (I have my doubts. Two low level languages should optimise to roughly the same speeds so long as they optimise sensibly) I would doubt this single edge case of optimisation would push it there.

Benchmarks show approximate parity between the languages right now, which is what you'd expect of LLVM languages. It's not like one's a bicycle and one's a rocket ship. The pointer restrict optimization is just that, an optimization. It means that \*in theory\* it's faster, but like, a bit. It is a broad optimization because it applies any time you have two pointers in lexical scope. You definitely shouldn't pick a language based on a pointer aliasing optimization haha, they're in a similar performance class. The nice thing about Rust is that you get to use high-level features while staying in the same performance class as C which is (more or less) a portable assembler and leaves all the heavy lifting to you.

This is essentially what I'm saying. The languages on paper should be the same. The pointer optimisation is mildly interesting but I can't think of many code cases it would actually be used. Plus it ignores many optimisations which may only apply the other way.
My main issue was I repeatedly hear 'its faster' from Rust evangelists without any referral to *real world* benchmarks to support it.

I'm not sure why you think it's a small win, no-aliasing can lead to big wins like this 35% win the X11 folks got when using \`\_\_restrict\` \[1\]. It's something all C programmers should annotate their function in-pointers with in performance critical sections, at least. It's likely worth doing everywhere but nobody is going to annotate every function signature that way, or de-structure their inputs.
\[1\] [https://djrollins.com/2016/11/18/pointer-aliasing/](https://djrollins.com/2016/11/18/pointer-aliasing/)

I'm not saying it's necessarily a small win. I'm saying without any real world data I can't make any real determination of it.
This is a very nice story and this guy took a 35% performance hit in a specific case. Whilst optimising he could also add restrict if he wanted to solve these issues.
What I'm getting at is does a large scale program made with Rust make a real world and measurable improvement on an equivalent C program, with a code base not specifically chosen to highlight this issue?
Edit: Also, this is not the X11 folks? This is just a guy using the X11 libs

Sorry for the confusion, I’m suggesting that getting restrict everywhere for free may end up being a win, it’s not fair to write it off as small without data. Sounds like we’re probably on the same page here. And yep, I should have paid more attention to the authors pedigree.
I agree this isn’t a reason to pick a programming language.

I feel you. I swear that if I hear another "Why are you using C++? Why not rewrite it in Rust?" I'm going to lose my shit. Like, sure, I'm going to throw away 3 years of work and 200k+ loc. So that I can experience the pleasure of fighting the borrow checker instead of template errors.

Oh, yeah, just rewrite the entire Bitcoin code in a new language. That'll work for sure.

Still, it's funny. I always kind of assumed that the code behind Bitcoin was perfect, and I still knew it was useless. It never actually occurred to me that coding errors would ever be its biggest problem.

"rewrite it in rust" is a shit meme, but, rust is actually good for this type of things.... where security is more important than ease of development.
And he does address the issues.
This article makes me like Core people more, not less. I wish they did not destroy the environment and make the world a shittier place with their shit-tier ideology, BUT they are technically quite capable.

>I wish they did not destroy the environment and make the world a shittier place with their shit-tier ideology, BUT they are technically quite capable.
Smart people, just pointing in the wrong direction lol

>I wish they did not destroy the environment
How? I'm a little ignorant on this topic but I see that issue used a lot. Wouldn't bitcoin by nature promote and incentivize finding energy efficiency? Energy usage doesn't exactly convert to emissions. Especially for renewables that are geolocked and time sensitive wouldn't it be valuable to use a protocol for consensus to convert energy that would go unused?
All over the world energy that could otherwise be turned into a digital resource goes instead unused.

> wouldn't it be valuable to use a protocol for consensus to convert energy that would go unused?
We already can achieve consensus via byzantine agreement though, without having to appeal to inverting hash functions. What is the sociatal benefit for using "extra energy" (which I don't believe is a good argument anyway) to solve a problem less efficiently than existing techniques?
The argument "the energy would be unused anyways" can be used to justify any energy intensive application. Bitcoin's (inverting hash functions) has *no* sociatal benefit - consensus may be fine, but the underlying hard problem they're using benefits nobody in the world intrinsically.
Fortunately there's been some movement within the academic cryptography community to present alternative problems that are less computationally expensive (the relevant terms are verifiable delay functions, and memory hard functions). These help a little, but are still achieving consensus via problems nobody cares about the solution to.
If Bitcoin were based on the hardness of computational problems we do care about the solution for (protein folding is an easy example) the energy usage of it would be much easier to handwave away. It's not though. I don't intrinsically blame bitcoin developers for not doing this initially (you need a strong notion of the average-case hardness of the computational problem to do it), but research in this area continually focuses on "less wasteful problems nobody cares about", which seems *better* than the current status but not *good*.

> wouldn't it be valuable to use a protocol for consensus to convert energy that would go unused?
>
> All over the world energy that could otherwise be turned into a digital resource goes instead unused
Bitcoin mining does not "convert" energy or "turn it into a digital resource". The energy is wasted, turned to entropy, plain and simple. Nothing useful comes out of it. It's a crime against nature.

Yeah, that's right burning more energy than most countries, in an age when everyone else is trying to cut down to avoid baking the planet, totally can't be bad.
No, it doesn't use 100% renewable power, nor does it use power that would otherwise be wasted.
It's insanely wasteful.

It incentivises cheap energy.
There are countries that provide cheap oil, gas and coal energy. Lots of countries subsidise energy, there is no guarantee this is renewable.
Don't confuse reducing costs with improving cleanliness.

>How? I'm a little ignorant on this topic but I see that issue used a lot. Wouldn't bitcoin by nature promote and incentivize finding energy efficiency? Energy usage doesn't exactly convert to emissions. Especially for renewables that are geolocked and time sensitive wouldn't it be valuable to use a protocol for consensus to convert energy that would go unused?
Not really, the more expensive a bitcoin is, the more people try and mine it, the harder mining it gets. There's a big feedback loop built in to ensure no matter how much more efficient technology, languages, whatever, get, bitcoin gets less efficient to compensate.
Hold onto your pants, but a single bitcoin transaction uses over 600kWh of electricity (plus 288kgCO2 and 85g of ewaste). That's enough to power an average American home for 20 days. Visa, in the same amount of power, processes 600,000 transactions. Visa is literally six hundred thousand times more efficient.
Does it incentivize finding renewable energy? No, it incentivizes finding cheap energy. For now, at least, cheap energy isn't renewable.
Remember once block rewards go away, the cost to process these transactions should be passed on to those making the transactions directly instead of indirectly through exchange. At $0.06/kWh (not factoring in R&D of miners, etc), I wager we'll see transaction fees of $36++.

>Hold onto your pants, but a single bitcoin transaction uses over 600kWh of electricity (plus 288kgCO2 and 85g of ewaste). That's enough to power an average American home for 20 days. Visa, in the same amount of power, processes 600,000 transactions. Visa is literally six hundred thousand times more efficient.
That sounds about right for enabling the ability to transfer a resource anywhere with an internet connection in \~10 minutes.

It really, really shouldn’t sound right to you.
The internet doesn’t operate on the timescale of minutes; this isn’t the pony express and 4800 baud modems. You can send the data worldwide in milliseconds unless you’ve boat anchored it to such waste. You’d be okay with your google searches being filed and responded to in ten minutes?!
Visa can process 50,000 transactions per second. At 600kWh of power each that would consume 0.03TWh per second, 38X the entire worlds electric generation capacity. It would generate 4 TONS of ewaste per second, or 132 million metric tons per year, 3X the entire worlds generation of ewaste today.
Get it together man, this isn’t okay 😂

> It’s important to remember that when you start from scratch there is absolutely no reason to believe that you are going to do a better job than you did the first time. First of all, you probably don’t even have the same programming team that worked on version one, so you don’t actually have “more experience”. You’re just going to make most of the old mistakes again, and introduce some new problems that weren’t in the original version.
[- by Joel Spolsky, April 6, 2000](https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/)
Timeless wisdom.

A Rust security bug was discovered just by looking in the bug tracker:
[https://medium.com/@shnatsel/how-rusts-standard-library-was-vulnerable-for-years-and-nobody-noticed-aebf0503c3d6](https://medium.com/@shnatsel/how-rusts-standard-library-was-vulnerable-for-years-and-nobody-noticed-aebf0503c3d6)
The line "everything is broken" also comes up in this article and that about sums up computer security.

Admitting that an older language might be better because it's mature and well-understood is like admitting that conventional banking and fiscal policy might be better. No room for that in the new paradigm!

If you don't like C++'s problems in this respect, just use a very specific library that addresses whatever misgivings is inherent in the core language. There's not really a need to switch languages.
That's the real point of C - it's a base from which you add only the building blocks you need.

I don't think it's possible to build a *library* that implements the borrow checker. If it is possible, it would be a template-meta-programming monstrosity that would take weeks to compile.
You might be able to implement it with a linter and some proprietary annotations. But at that point, you would need to provide TypeScript-esque lifetime definitions for existing libraries; you can't just use them, since the linter wouldn't know what the lifetimes of all the references are supposed to be.
That's what Rust is, but doing it with C++ requires worse syntax and a slower compiler.

And then you only need to deal with megabyte-long template errors, painful compile times, and a new language on top of C++ that is badly documented and is going to be mystifying for everyone else and yourself in six months.

In C++'s defense Rust was invented by people who insist on using memcpy and friends, even when the C++ compiler specifically tells you it's a bad idea to be using it. It's really no surprise that people who use C functions such as those would decry C++ as an unsafe language.